command/line
ESXi 3.5 ESXi not affected
ESX any ESX not affected
f. VMware Consolidated Backup (VCB) command-line utilities may expose
sensitive information
VMware Consolidated Backup command-line utilities accept the user
password through the -p command-line option. Users logged into the
service console could gain access to the username and password used
Summary
=======
The server side of the Secure Copy (SCP) implementation in Cisco IOS
software contains a vulnerability that could allow authenticated
users with an attached command-line interface (CLI) view to transfer
files to and from a Cisco IOS device that is configured to be an SCP
server, regardless of what users are authorized to do, per the CLI
view configuration. This vulnerability could allow valid users to
retrieve or write to any file on the device's file system, including
the device's saved configuration and Cisco IOS image files, even if
Determination of Software Versions
+---------------------------------
Administrators can use these instructions to determine the software
version that is running on a Cisco WLC using the web or command-line
interface or on a Cisco WiSM (using commands on a Cisco Catalyst 6500
Series Switch and Cisco 7600 Series Router).
Cisco Wireless Controllers
+-------------------------
Determination of Software Versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Administrators can use these instructions to determine the software
version that is running on the Cisco WLCs (using the web or
command-line interface) or on the Cisco WiSM (using commands on the
Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router).
Cisco Wireless Controllers
~~~~~~~~~~~~~~~~~~~~~~~~~~
Administrators may verify the configuration of affected devices by
using one of the following methods:
For devices that are running TC4.0 or 4.1 software, administrators may
view the serial number of an affected device by logging in to the
command line of an affected device with the admin account and issuing
the xstatus systemunit hardware command.
View Serial Number:
+------------------
prior to Software Release 7.2. The vulnerability is present in the
affected releases on all platforms.
To verify the release of Cisco Network Registrar that is running,
select the About option from the menu. Alternatively, if using the
command-line interface, execute the following command:
nrcmd> session get version
Products Confirmed Not Vulnerable
+--------------------------------
3. *Vulnerability Description*
The Intel Alert Handler service ('hndlrsvc.exe') fails to correctly
process the 'CommandLine' field in the AMS request. A source address in
a 'MOV' instruction is calculated from values present in the request,
causing a remote denial-of-service.
4. *Vulnerable packages*
> -----Original Message-----
> From: Thomas Henlich [mailto:thomas@henlich.de]
> Sent: Tuesday, 30 September 2008 6:30 PM
> To: bugtraq@securityfocus.com
> Subject: MySQL command-line client HTML injection vulnerability
>
> MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
>
> Thomas Henlich <thomas@henlich.de>
>
Cisco Firewall Services Module (FWSM). More information
regarding the FWSM can be found in the companion advisory
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml.
To determine whether you are running a vulnerable version of Cisco PIX
or ASA software, issue the "show version" command-line interface (CLI)
command.
The following example shows a Cisco ASA Security Appliance that runs
software release 7.2(3):
2008/08/25 #2008-014 WordNet stack and heap overflows
Description:
The WordNet 3.0 Unix library and command-line interface suffer from a
number of stack overflows due to their handling of command line
arguments, environment variables and data read from user supplied
dictionaries.
The oCERT team was contacted by Moritz Muehlenhoff from the Debian
1. Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various hacking and security tools.
3. Mom's Guide - Dedicated to common man. Covers basics and fundamentals.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Command Line - Explains command line alternatives for various tasks.
6. Matriux Vibhag - Articles on Matriux Security Distro.
No hard and fast rules as such. Just a few guidelines:
1) Keep the language as easy as possible.
2) It should be related to our sections mentioned above. (Except for Matriux Vibhag, articles can be submitted for all other sections)
the left pane, and note the Software Version field.
Note: Customers who use a WLC Module in an Integrated Services
Router (ISR) will need to issue the service-module
wlan-controller 1/0 session command prior to performing the next
step on the command line. Customers who use a Cisco Catalyst
3750G Switch with an integrated WLC Module will need to issue the
session <Stack-Member-Number> processor 1 session command prior
to performing the next step on the command line.
* From the command-line interface, type show sysinfo and note the
.text:6DAA3EE9 push ebx ; lpEnvironment
.text:6DAA3EEA push ebx ; dwCreationFlags
.text:6DAA3EEB push ebx ; bInheritHandles
.text:6DAA3EEC push ebx ; lpThreadAttributes
.text:6DAA3EED push ebx ; lpProcessAttributes
.text:6DAA3EEE push esi ; lpCommandLine
.text:6DAA3EEF lea eax, [ebp+ApplicationName]
.text:6DAA3EF5 push eax ; lpApplicationName
.text:6DAA3EF6 mov [ebp+StartupInfo.cb], 44h
.text:6DAA3EFD call ds:CreateProcessA
1. Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various hacking and security tools.
3. Mom's Guide - Dedicated to common man. Covers basics of hacking and security.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Command Line - Explains command line alternatives for various tasks.
6. Matriux Vibhag - Articles on Matriux Security Distro.
No hard and fast rules as such. Just a few guidelines. Guidelines:
1) Keep the language as easy as possible.
2) It should be related to our sections mentioned above. (Except for Matriux Vibhag, articles can be submitted for all other sections)
1. Tech Gyan - Main article of the magazine. Covers various technical aspects in security, latest hacking trends and techniques.
2. Tool Gyan - Covers various hacking and security tools.
3. Mom's Guide - Dedicated to common man. Covers basics of hacking and security.
4. Legal Gyan - IT Law with respect to hacking explained in simple language.
5. Command Line - Explains command line alternatives for various tasks.
6. Matriux Vibhag - Articles on Matriux Security Distro. (This section is started from March 2011)
Guidelines:
1) Keep the language as easy as possible.
2) It should be related to our sections mentioned above. (Except for Matriux Vibhag, articles can be submitted for all other sections)
information regarding vulnerabilities affecting the PIX
and ASA can be found in the companion advisory located at
http://www.cisco.com/warp/public/707/cisco-sa-20071017-asa.shtml.
To determine if you are running a vulnerable version of FWSM software,
issue the "show module" command-line interface (CLI) command from
Cisco IOS or Cisco CatOS to identify what modules and sub-modules are
installed in the system.
The following example shows a system with a Firewall Service Module
(WS-SVC-FWM-1) installed in slot 4.
The main window of the AClient GUI has a hidden button that
can be seen using a resource viewer such as MS Spy++. The
button has a caption of "command prompt".
Clicking this button causes the GUI to attempt to call
CreateProcess() with the following CommandLine parameter.
"c:\Program Files\Altiris\AClient\cmd.exe"
The AClient GUI also has a ListView control which can be
used to overwrite process memory. Using the
ListView, it is possible to overwrite a static pointer
MYSQL COMMAND-LINE CLIENT HTML INJECTION VULNERABILITY
Thomas Henlich <thomas@henlich.de>
DESCRIPTION
The mysql command-line client does not quote HTML special characters
like < in its output. This allows an attacker who is able to write data
into a table to hide or modify records in the output, and to inject
potentially dangerous code, e. g. Javascript to perform cross-site
RESOLUTION
The vulnerability can be resolved by the following procedure:
Disable the array's HTTP and HTTPS network management services (Note: This will also disable all management access from a Web browser. Array management access may be maintained via Command Line Interface [CLI].) Use the instructions outlined in the Workaround section below to disable the HTTP and HTTPS network management services.
Install TS230P008 firmware as soon as possible. If the HTTP and HTTPS network management services have been previously disabled, the services may be re-enabled as the issue is fully resolved in TS230P008 firmware.
TS230P008 firmware installation and workaround instructions:
...
!
service-policy global_policy global
To determine the version of Cisco FWSM Software that is running, issue
the "show module" command-line interface (CLI) command from Cisco IOS
Software or Cisco Catalyst Operating System Software to identify what
modules and sub modules are installed on the system.
The following example shows a system with a Cisco FWSM (WS-SVC-FWM-1)
installed in slot 2:
12000 Series Routers. The engine 5 line cards are the SIP-600,
SIP-601, SIP-501, and SIP-401.
To determine the Cisco IOS XR Software release that is running on a
Cisco product, administrators can log in to the device and issue the
show version command-line interface (CLI) command to display the
system banner. The system banner confirms that the device is running
Cisco IOS XR Software by displaying text that is similar to "Cisco
IOS XR Software". The software version is displayed after the text
"Cisco IOS XR Software".
also, look at quote() inside ./include/command.php:
..
// {{{ quote
//
// Quote a string to send to the command line
function quote($str) {
global $config;
if ($config->serverIsWindows) {
> Quick calculator session :
> 2^(-18) = 0.000003814697265625
> 2^(-14) = 0.00006103515625
>
> So there is a vanishingly small probability that a Bad Guy may
> discover less than 2 characters from my command-line, every time they
> try this attack. And each time they fail, my connection gets rudely
> chopped. Two characters won't help them much. They'd need to succeed
> about ten times per typed command-line to snoop on most of my
> sessions. This weakness is surely of no conceivable use to a Bad Guy
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/php -r '$nx=new Tidy("*");$nx->diagnose();'
[Thread debugging using libthread_db enabled]
PHP Warning: tidy::__construct(): Cannot Load '*' into memory in Command line code on line 1
Program received signal SIGSEGV, Segmentation fault.
0x00007fffedfaff87 in prvTidyReportMarkupVersion ()
from /usr/lib/libtidy-0.99.so.0
-PoC---
Devices that are running a vulnerable version of Cisco IOS software
and configured for Cisco IOS firewall AIC for HTTP are affected.
To determine the software running on a Cisco IOS product, log in to
the device and issue the show version command-line interface (CLI)
command to display the system banner. Cisco IOS software will
identify itself as "Internetwork Operating System Software" or simply
"IOS." On the next line of output, the image name will be displayed
between parentheses, followed by "Version" and the Cisco IOS release
name. Other Cisco devices will not have the show version command, or
References: http://www.devtarget.org/mcafee-advisory-08-2007.txt
III - OVERVIEW
McAfee Virus Scan for Linux and Unix is a command-line version of the
popular McAfee anti-virus scanner running on the Linux operating system
as well as on other Unices (e.g. AIX, Solaris, HP-UX etc.). It was
discovered that the product is prone to a classic buffer overflow
vulnerability when attempting to scan files or directories with a
particularly long name. This vulnerability results in the local
-------
Template Security has discovered a root privilege escalation
vulnerability in the BlueCat Networks Adonis DNS/DHCP appliance
which allows the admin user to gain root privilege from the
Command Line Interface (CLI).
Software Version
----------------
Adonis version 5.0.2.8 was tested.
Symantec has reviewed the issue that was reported with smc.exe crashing from the command line. We have confirmed that an improperly formatted command line can cause the user mode process to crash. However, the privileged service process is unaffected. The client machine maintained full protection. Symantec will supply an update to prevent the command line tool from crashing in a future release.
software-only versions of the product.
The following methods can be used to determine which version of the
Cisco Secure ACS is installed:
* From the Cisco Secure ACS command-line interface (CLI), issue the
"show version" command, as shown in the following example:
acs51a/admin# show version
Cisco Application Deployment Engine OS Release: 1.2
+------------------
This vulnerability affects Cisco MXE 5600 units that are running
Cisco Media Processing Software releases prior to 1.2. To determine
the software release that is running on a Cisco MXE unit, log in to
the device and issue the show version command-line interface (CLI)
command to display the system banner. The following example shows a
Cisco MXE 5600 device running software version 1.2.0-34.
mxe# show version
------------------------------------------------------------